Solved: Table contain user name and tcode

Former Member · ‎05-26-2009

Dear Experts,

Can you tell me which Table contained user name and tcode field?

Thanks and Best regards,

wilson

sdipanjan · ‎05-27-2009

You can't find this details from one table only.

1. Find out the list of roles available for each user from the table AGR_USERS

2. After extracting the list of point 1, put those roles in table AGR_TCODES and find out the list of Tcodes for those role.

You can also see this list very easily as described by Barnerd.

Regards,

Dipanjan

JPReyes · ‎05-26-2009

For users USR02 and for transactions TSTC

Regards

Juan

Former Member · ‎05-27-2009

Hi Juan,

Thanks, but do you have any idea how to list user permission of all tcode they have it.

wilson

JPReyes · ‎05-27-2009

Moved to Security forum

Bernhard_SAP · ‎05-27-2009

Hi Wilson,

use the user information system, t-code SUIM.

For instance 'transactions-> executable for user' or 'User->by Transaction Authorization',.....

b.rgds

Bernhard

sdipanjan · ‎05-27-2009

You can't find this details from one table only.

1. Find out the list of roles available for each user from the table AGR_USERS

2. After extracting the list of point 1, put those roles in table AGR_TCODES and find out the list of Tcodes for those role.

You can also see this list very easily as described by Barnerd.

Regards,

Dipanjan

jurjen_heeck · ‎05-27-2009

> put those roles in table AGR_TCODES and find out the list of Tcodes for those role.

That will only return the tcodes listed in the role menus, not in the actual authorizations. Use AGR_1251 and filter on object S_TCODE for those.

sdipanjan · ‎05-27-2009

>


> > put those roles in table AGR_TCODES and find out the list of Tcodes for those role.
> 
> That will only return the tcodes listed in the role menus, not in the actual authorizations. Use AGR_1251 and filter on object S_TCODE for those.

This correct too..!!

Wilson: Please use this approach in case any TCodes are entered in manually included S_TCODE in the role and don't follow the point 2 I suggested. Otherwise, it is fine. Still to be in safer side, please use this approach.

regards, Dipanjan

jurjen_heeck · ‎05-27-2009

> this approach in case any TCodes are entered in manually included S_TCODE in the role

Okay, I will try this one more time: several transactions have S_TCODE proposals in their "SU24 settings". In a perfectly SAP-standard world with no manual additions to S_TCODE there can be more transactions in the profile than in the role menu. Please do not try to link this exclusively to manually entered S_TCODE values.

I've had enough fights with customers accusing me of entering transactions into S_TCODE manually just because AGR_TCODES wouldn't sync with AGR_1251 filtered on S_TCODE. That is just not the correct way of measuring/finding non-standard role building.

Thank you

Jurjen

sdipanjan · ‎05-27-2009

Mee too. Even currently I am doing such design for a part of QM of my client. You will find this very frequent manner in Plant Maintenance (including QM). For e.g. you build a role with IW22... it is expected to have only IW22 for TCD field ... but it also calls IQS2. (see below example).

IW22 I_BEGRP TCD IQS2

IW22

I_INGRP TCD IQS2

IW22

I_IWERK TCD IQS2

IW22

I_KOSTL TCD IQS2

IW22

I_QMEL TCD IQS2

IW22

I_SWERK TCD IQS2

IW22

I_TCODE TCD IQS2

IW22

S_TCODE TCD IQS2

In PM, such Objects are: I_BEGRP, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT1, I_SWERK, I_TCODE

Regards,

Dipanjan

Former Member · ‎05-27-2009

You need to be even more carefull with parameter transactions.

If SU24 is not maintained for them, PFCG will pull the proposals from the core transaction (via which the parameters are used in the skip screen feature...). If the core transaction has authority proposals for S_TCODE, then you will get those tcodes and their proposals as well.

A carefull choice of menu objects (not only limited to Tcodes), taking heed of SU24 defaults and tuning it to meet your needs is the key. But it requires organizational discipline and good training, otherwise rather dont use it for anything other than important objects which you want to control manually only, even if your business roles are a mess.

You can also restrict the authorizations of the security admins for example (as unpopular as that may sound... to segregate authorization concept development (SU24 etc), role building development (PFCG etc) and user administration (SU01 etc). Object S_USER_TCD also has a field called TCD...

There are also other objects (as Dipanjan has pointed out) which have TCD as a field of an object which is not S_TCODE. In addition to I_TCODE, Q_TCODE, P_TCODE, see also S_IDOCMONI for example.

To be honest I have given up on trying to find them all

The easiest solution is to use the menu and maintain SU24 when the transaction is configured or the application is developed and tested. That is what SAP does as well in SU22. It is more work upfront, but more sustainable in the long run.

If your users (and auditors) only see the menu (and use the SUIM --> Executable transactions) options, then you can get away with it in the short or even medium term. Latest when someone else need to maintain the roles they will hate it...

My 2 cents,

Julius

former_member182098 · ‎05-27-2009

Hello,

Write a query using SQVI (Table join)

AGR_TCODES

AGR_ROLES

Join role in two tables.

You will get the requisite results.

Regards,

Ravi

jurjen_heeck · ‎05-27-2009

> Write a query using SQVI (Table join)

>

> AGR_TCODES

> AGR_ROLES

>

> Join role in two tables.

This answer is incorrect.

For AGR_TCODES see the ongoing discussion about AGR_TCODES vs AGR_1251 filtered on S_TCODE.

AGR_ROLES? No idea what's meant here. If it was AGR_USERS then this answer already has been given earlier in the thread albeit without SQVI. This will only return menu entries, not authorizations.

former_member182098 · ‎05-27-2009

Sorry. It was typo, it should be AGR_USERS.

The question states for the user name and their transaction codes, if I understand correctly.

When we create a query, it gives the details of USER NAME / ROLES AND TRANSACTION CODES in a single sheet.

We can use PIVOTAL TABLE function in EXCEL, pick user name and transaction codes it gives a summarized report.

Regards,

Ravi

Former Member · ‎09-28-2009

Thanks, this is great help.

wilson

Former Member · ‎05-30-2009

hii,

For this u have to write a sqvi query by joining two tables agr_users and agr_tcodes u can get a list

of users with tcodes

Thanks and reagrds...............

Former Member · ‎05-30-2009

>


> hii,
>  
> For this u have to write a sqvi query by joining two tables agr_users and agr_tcodes u can get a list
> of users with tcodes
> 
>                  Thanks and reagrds...............

As Jurjen has pointed out, this will give you an incomplete list which you should not rely on.

Former Member · ‎06-02-2009

Hi,

That's exact what I want to do it, because I am now facing the problems. I couldn't merge data from these two table, because the rows is more than 65400 rows, excel could not be generate it. If you could teach me how, that's will be grace for me.

wilson

Former Member · ‎06-02-2009

Grace comes with MS Office Excel 2007 (1,048,576 rows) or MS Access.

Cheers,

Julius

Former Member · ‎06-04-2009

Hi,

would you teach me how to do?

wilson

former_member182098 · ‎06-04-2009

Hello,

Julius is trying to tell, if your local PC is having Microsoft Excel Version 2007 version, you can download more than million records, if you having 2003 version your download is restricted around 65000 line item. Therefore, ask you local system administrator to add 2007 MS Office version in your PC.

There is nothing special that can be teached.

Regards,

Ravi

Former Member · ‎09-30-2015

This message was moderated.

former_member833479 · ‎03-13-2023

use the user information system, t-code SUIM.